Filet-O-Phish – Thieves target McDonald’s


I ran across an interesting and improbable phish today while looking through our spam feeds.

The attackers in this case decided that enough people in the world eat at McDonald’s that it was worth having a go at convincing people to fill out a survey with the lure of a $90 credit for their participation.

The text of the email reads:

Dear customer, Please give us only 5 minutes of your valuable time to ask you some questions about our products . Please be aware that we will not ask you about any personal information. In return, we will credit $90.00 to your account - just for your time. If you want to answer our simply 8 questions , please click the link below : http://mail.CENSORED/index.html Thank you for helping us to become better . Sincerely, McDonald's Survey Department. Please do not reply to this email. This mailbox is not monitored and you will not receive a response.

Screenshot of email phish against McDonald's customers

You can see from the screenshot that the default character set is set to Cyrillic, which is more than a little strange for an email in English. The entire lure is a bit unlikely, but for every scam, there seems to be a fool who falls for it.

The website the email links to puts on a good show of quizzing you about your favorite McDonald’s foods, drinks, etc.

McDonald's phish survey

McDonald's phish for credit card

Their coding could use some work, though, as every section of the web page has the error “[an error occurred while processing this directive].”

Once you fill out this moderately broken survey you are delivered to the phish itself.

As in other phishes I have blogged about, the scammers not only want your name, address and birthday, but also your drivers’ license, credit card and CVV.

I am always surprised that people think they can win $90 in a survey or that they may have won 3 million pounds in a UK lottery they never entered.

And doesn’t anyone wonder how on earth McDonald’s or the UK lottery got their email address in the first place?

Sophos customers are protected against these emails, and as always please think before you click.